Greetings folks...
We recently upgraded our Moodle 1.7 installation to Moodle 1.9.2. For the most part, things are running smoothly.
Several of our users, however, have reported that forum posts have been lost when they got an "Incorrect sesskey" message. The error message is in the formslib.php... it appears to be thrown when Moodle believes the form they are submitting was not generated for them. (I.e., sesskey in the hidden form field does not match sesskey stored in the user's session data.)
My first thought was that users were leaving the forum post interface open for a long time, and their session was expiring. After reviewing the logs and interviewing affected users, I'm sure that's not the case.
Has anyone experienced this? We're almost at a loss for ways to troubleshoot this... As you can imagine, it's extremely frustrating to our users. We are averaging two or three sesskey errors per day. Each means the loss of a forum post or other form data, and contributes to a mistrust of Moodle.
I see that I could disable sesskey checking in various ways, but I'm afraid to do so because of the security implications.
Best regards,
-Garret